Web Hosting Security


Firesheep Add-on for Firefox Allows Users to Hijack Social Networking Sessions
By: wubayou



    A recently released add-on for Firefox gives those who install it the power to hijack the Facebook accounts, and more, of people in close proximity. The add-on goes by the name of Firesheep, and it has created a stir concerning the security of public Wi-Fi spots and some websites.

    Eric Butler, a freelance web application developer from Seattle, is the man behind the creation of Firesheep. He introduced his new add-on to the public during ToorCon 12, a security conference that took place last weekend in San Diego. As for the reason behind the release of such a controversial add-on, Butler stated that he created Firesheep to demonstrate the negative consequences that can occur when accessing an unencrypted website over a public Wi-Fi connection. 

    In a post on his blog, Butler also stated that Firesheep shows how sites like Facebook and Twitter must do a better job of encrypting their sites to protect their users' privacy. Rather than releasing new privacy features over and over again, Butler suggests that the sites should fully encrypt sessions using SSL or HTTPS.

    Butler's blog post detailed how the privacy problems occur. When accessing a site such as Facebook, for example, the user enters their username and password to log in to the account. The site's server looks for an account that matches the username and password and, if it finds one, replies with a cookie that the browser sends with its other requests during the session.

    Although the login process is usually encrypted, other actions usually are not. Thus, the cookie is not protected, and a hacker can hijack the cookie and the HTTP session. This process, sometimes referred to as sidejacking, allows the hacker to perform actions on a website as if they were the owner of that specific account. Anyone who accesses such a site on an open wireless network is extremely vulnerable to these attacks, as the cookies cross the network in the open, ready for the taking.
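From the site operator's side, the exposure described above shows up in the response headers. The following is an added example, not code from the article or from Butler: it audits a response for session cookies that lack the `Secure` attribute and for a missing HSTS header, using constructed header values and hypothetical function names.

```python
# Added example (not from the article): flag response headers that leave a
# session cookie readable on an open network. Header values are constructed.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", {}
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def hsts_max_age(value):
    """Return max-age seconds from a Strict-Transport-Security value, or 0."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() == "max-age":
            val = val.strip().strip('"')
            return int(val) if val.isdigit() else 0
    return 0

def audit_headers(headers, scheme="https"):
    """Return (subject, problem) pairs for one response's header list."""
    findings, hsts = [], False
    if scheme != "https":
        findings.append(("response", "served over plain HTTP"))
    for key, value in headers:
        lowered = key.lower()
        if lowered == "strict-transport-security":
            hsts = hsts_max_age(value) > 0
        elif lowered == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                findings.append((name, "no Secure attribute; sent on http:// requests"))
    if scheme == "https" and not hsts:
        findings.append(("response", "no HSTS; browser may still make http:// requests"))
    return findings

# Constructed: login happens over HTTPS, but the session cookie lacks Secure.
WEAK = [("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
        ("Set-Cookie", "locale=en; Path=/; Secure")]
# Constructed: the corrected form of the same response.
HARDENED = [("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly"),
            ("Set-Cookie", "locale=en; Path=/; Secure"),
            ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]
```

The weak response is flagged for `session_id` and for the missing HSTS header; the hardened response produces no findings.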

    Installing Firesheep creates a sidebar. After connecting to an open Wi-Fi network and clicking the Start Capturing button, the Firesheep user will see the name and photo of anyone on the wireless network who is visiting an insecure website. Double-clicking on the person in the interface will log the user into the website as that person. For the process to work, it is best to connect to a wireless network in a busy location. Also, people will only appear if they are visiting a site known to Firesheep. Besides Facebook and Twitter, Firesheep can be used to hijack other sites such as Amazon, Flickr, Google, and bit.ly.

    As of now, Firesheep is available for Windows and Mac OS X, and a Linux version is on the way. In less than a week online, Firesheep has already seen over 50,000 downloads. While many downloaders are undoubtedly using the add-on to spy on others, Butler hopes that its release will push websites to become more secure.

    For more, visit the Computerworld story.

    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

    © 2003-2019 by Developer Shed. All rights reserved.